Security & Ethics

Question 1

Hacking

Answer 1

Illegally gaining access to a computer system

Question 2

Cracking

Answer 2

Illegally changing source code of a program so that it can be exploited for another
use

Question 3

Spyware

Answer 3

User clicks on a link from an email or website
When clicked spyware is downloaded
Monitors users activity and relays it back to author
Keypresses can be analysed to find passwords
Common key logs allow password to be found

Question 4

Viruses

Answer 4

Program that replicates itself
Deletes or corrupts files
Ransomware a new form of virus

Question 5

Phishing

Answer 5

Fake email sent that locks legitimate
User clicks on link in the email
User redirected to fake website
Often used to try and steal financial details
How to avoid – Don’t click on links from unknown emails

Question 6

Pharming

Answer 6

Malicious code stored on a computer
Redirects user to fake website to steal users data
How to avoid – check the URL is as expected

Question 7

Cookies

Answer 7

Message given to browser by webserver
Stored in a text file
Stores detail about users preferences on a website
Message sent back to server each time that page is requested

Question 8

Uses of Cookies

Answer 8

Enable logon information to be kept
Provide customized pages for the user
Enable target adverts
Enable one-click purchasing with shopping carts
Be able to distinguish between new and repeat visitors

Question 9

Cause of Data Loss

Answer 9

Accidental Deletion
Malicious – virus
Hardware failure
Software failure
Natural disaster

Question 10

Prevention of Data loss

Answer 10

Set data to read only
Use correct shut down procedures
Use correct procedures wen removing portable storage devices

Question 11

Firewalls

Answer 11

Prevents unauthorized access
Acts as a filter for incoming/outgoing data
Checks data meets criteria
Logs incoming and outgoing traffic
Blocks access to specified IP addresses

Question 12

Antivirus

Answer 12

Compares virus signature against a database of known virus signatures

Question 13

Proxy Server

Answer 13

Keeps user IP address secret
Prevents direct access to a webserver
Filters traffic
Speeds up traffic using CACHE
Blocks selected IP addresses
Helps prevent hacking of a webserver

Question 14

Keeping Data Safe

Answer 14

Encrypt the data
Password protection
Virus checking software
Physical methods
Access rights

Question 15

On Screen Security Methods

Answer 15

On screen keypad
Uses on-screen keypad
No keypresses so keylogging software won’t work
Numbers on key pad can be made random

Drop down boxes
Protects against key logging software
Stops key presses being recorded and relayed
Boxes can be placed in different locations each time to prevent screen capture

Question 16

Password Text

Answer 16

Characters typed at a keyboard and can be changed by the user

Question 17

Biometric

Answer 17

Scanned physical measurement that is compared to stored previously scanned measurement:
Finger print
Retina scan
Voice recognition
Face recognition

Question 18

Security Protocols

Answer 18

Uses encryption
Uses SSL
Uses digital certificates – contains public key
Makes use of public and private keys
Data is meaningless without the key

Question 19

How can we tell a website is using SSL

Answer 19

Protocol end in s e.g. https
Padlock on some browsers
Colour of address bar changes

Question 20

SSL Process

Answer 20

Uses digital certificates
the browser asks the web server to identify itself
Server sends SSL
client and server agree on an encryption method to use that contains the server’s public key
Browser check authenticity of the certificate
A session key is generated
Sends signal to begin transmission

Question 21

TLS

Answer 21

Record layer
Contains the data being transferred
Can be used with or without encryption

Handshake layer
Website and client authenticate each other
Encryption algorithms used to establish secure session

Question 22

Differences between TLS and SSL

Answer 22

Possible to extend TLS using new authentication methods
TLS can make use of session caching
TLS separates handshake and record protocol

Question 23

Encryption

Answer 23

Before encryption it is plain text
Text encrypted using an algorithm
Text encrypted using a key
Encrypted text called cypher text
Key transmitted separately from text
Key used to decrypt the cypher text

Question 24

Asymmetric Encryption

Answer 24

Private key and Public key needed
Public key given to everyone
Private key only known by the computer user
Encryption keys generated using a hashing algorithm

Question 25

Authentication

Answer 25

Used to verify that data comes from trusted source

Question 26

Symmetric Encryption

Answer 26

Uses the same key to encrypt and decrypt data

1 key needed to encrypt and another to decrypt

Question 27

Hashing algorithm

Answer 27

Takes message or key and translates it into string of characters
Usually shown in hex notation
Length depends on algorithm used
Same hashing algorithm needed to decrypt

Question 28

DoS Attacks

Answer 28

Large number of requests sent to server at once
Designed to flood a server with useless traffic
Server will come to a stop trying to deal with the traffic
Prevents users gaining access to the web server

Question 29

Misuses

Answer 29

Hacking

Malware

Question 30

Intellectual Property Rights

Answer 30

Copyright laws

Question 31

Privacy and Anonymity Issues

Answer 31

social media

Question 32

Effects of Computers on Society

Answer 32

Loss of jobs

Addiction and health problems

Question 33

Laws

Answer 33

Data protection act

Computer misuse act

Question 34

Environmental impacts

Answer 34

E-waste

Question 35

Free Software

Answer 35

Can use for any legal purpose you wish
Can study and change the source code
Can pass on to other people
Must not be used to infringe copyright laws by copying existing software

Question 36

Freeware

Answer 36

Can download and use free of charge

Cannot view or modify the source code e.g. Skype

Question 37

Shareware

Answer 37

Can use for a trial free of charge
Need to pay once the trial is over
Often trial version missing key features
Protected fully by copyright laws
Cannot modify code or distribute the software

Question 38

How cookies work

Answer 38

Cookie file is stored by browser on user’s SSD/HDD
User’s details are stored in encrypted text file
Webserver requests cooke file
Browser sends cooke file to webserver

Question 39

Dangers of cookies

Answer 39

User does not see what information is stored
Users feel their privacy is affected
Sensitive information on cookies could be intercepted in transmission
Other websites could gain access to the cookies
Computer can be hacked and cookie may be obtained.